How big are your chances to be infected?

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and take informed decisions on what security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,110
Some statistics.

Suppose that there are 2 billions home computers used in daily activities. If the average infection chance per year is 0.5% (as calculated in OP) then we would have about 10 mln infected home computers.

From the traffic incident statistics, we know that there are about 30-50 mln. injured people a year. About 25% of victims are badly injured, and this also gives about 10 mln.

So, the chances to be infected by Windows malware are similar to the chances of being badly injured in a traffic accident.
 

Raiden

Level 19
Verified
Content Creator
May 7, 2018
899
Very interesting thread!

Thanks for making it @Andy Ful . I do find it interesting that the overall the total amount of new malware created each year really hasn't changed very much. Personally I just assumed that it would just keep increasing year, after year. As it's already been stated, despite all the advancements over the years to combat this, it's still very much a cat and mouse game, with each try to one up the other. I myself am not worried all that much. I keep back ups of all important data, I keep my systems up to date, I practice safe web browsing, etc... While I am over simplifying this a little, end of the day, overall habits will either increase, or decrease your chances of getting infected.

That being said, this thread also highlights that there is always the potential chance of getting infected, even if you always practice safe habits. Just like those who still develop lung cancer, even though they never smoked in their life. That's way it's always important to always back up your data properly....you never know if/when it will happen.(y)
 
F

ForgottenSeer 89360

It changes quality and form, this renders increase in number unnecessary. I personally saw many trend changes, as I was a kid when Kaspersky’s VirusList (now securelist) website got my interest towards malware, after I had a Zlob trojan infection. Misleading applications, screen lockers (early ransomware), encryptors, now file-less infostealers and ransomware that also uploads your data.

Either way, by running any top-notch AV, chances are not really high, as this will require heavy evasion, which in turn requires heavy research and funding. This might not be worthy for a home environment. GitHub is full of exploits, but finding and applying these is still time-consuimg. I sent a file-less Tesla sample to @struppigel and this led to an AMSI bypass, freely available on GitHub and consisting of no more than 10 lines of code. It’s been released 3 months ago and it’s only been partially patched (System.net.WebClient has been disabled, but executable can still be smuggled). Pentesters are supposed to have a security spirit, yet they publish exploits, instead of working with companies to render them ineffective.

Even if they steal your credentials and CC details (identity theft), banks nowadays, as well as many websites, have become far more vigilant with location awareness, 2FA and many other factors. So a successful infection != successful compromise. If your information reaches the black market, it’s not guaranteed that attempts to use it will be made. Transaction disputes cause banks themselves to lose money and this might be dangerous for amateur attackers. For €0.99 banks will involve various security departments and institutions.

Other malware, such as bots/botnets, even if undetected initially, might be detected in few hours or days. It’s not guaranteed that the attacker will start sending out SPAM or DDoS traffic right after the infection. It’s not guaranteed that once activated, the bot won’t trigger a detection when it starts executing the script.
It’s worth mentioning that attackers themselves told me cryptojacking, as well as crypto-stealing is very stable in the long run, but this is normally done through RATs/ Backdoors and affects people who run no AV (again, attacker words). People frequently downloading cheats and cracks with no active AV are most threatened.

Ransomware infections are nasty and I see requests in the Malware Help section frequently. If you detect them just a minute later, this is already too late, but how difficult it is to backup or even encrypt all your data? Nowadays, information is moved mostly to the cloud and mobile, so your Windows security, or lack of such has become a less important factor than before. There are many ways to scam a user on any platform into providing information and funds voluntarily and this requires no malware at all.

The heavy task of keeping your data secure now falls to third-party companies, where you deposit it. These are very attractive target and/ or might be selling your data for pennies - regardless of the fact that you have installed various programs and tools, to protect your data and privacy.
 
Last edited by a moderator:

Andy Ful

Level 72
Verified
Trusted
Content Creator
Dec 23, 2014
6,110
I would wish traffic incident security to be treated as seriously as computer security. It seems that people can easily tolerate 30-50 mln injured (10 mln badly injured) and 1.35 mln deaths each year. This is the price we can accept for freedom of transporting and traveling. A similar thing is visible in the COVID-19 pandemic. If the US and Europe could apply the model from South Korea or Taiwan then 90% of deaths could be avoided and billions of dollars could be saved in the years 2020-2021. But, this model would require the loss of privacy, so it could not be adopted.:unsure:
 
Last edited:
F

ForgottenSeer 89360

I would wish traffic incident security to be treated as seriously as computer security. It seems that people can easily tolerate 30-50 mln injured (10 mln badly injured) and 1.35 mln deaths each year. This is the price we can accept for freedom of transporting and traveling. A similar thing is visible in the COVID-19 pandemic. If the US and Europe could apply the model from South Korea or Taiwan then 90% of deaths could be avoided and billions of dollars could be saved in the years 2020-2021. But, this model would require the loss of privacy, so it could not be adopted.:unsure:
A vaccine is now on the way against the Covid pandemic. It’s probably ML-accelerated 😀
 
Top